Allow multiple PSA service providers in net-vpc module (#2218)

* allowing multiple PSA service providers in net-vpc module

* tfdoc

* tfdoc

* Add tfvars/yaml tests

* fix module and tests

* re-enable inventory

* merge fix

* Add multiple PSA test case

* fix cloudsql example

---------

Co-authored-by: Wiktor Niesiobędzki <wiktorn@google.com>

tests/modules/cloudsql_instance/examples/simple.yaml

@@ -14,22 +14,138 @@
 
 values:
   module.db.google_sql_database_instance.primary:
+    clone: []
     database_version: POSTGRES_13
+    deletion_protection: true
     name: db
     project: my-db-project
     region: europe-west1
+    restore_backup_context: []
+    root_password: null
     settings:
     - activation_policy: ALWAYS
+      active_directory_config: []
+      advanced_machine_features: []
       availability_type: ZONAL
+      collation: null
+      data_cache_config: []
+      database_flags: []
       deletion_protection_enabled: true
+      deny_maintenance_period: []
       disk_autoresize: true
+      disk_autoresize_limit: 0
       disk_type: PD_SSD
+      edition: ENTERPRISE
       insights_config: []
       ip_configuration:
       - allocated_ip_range: null
         authorized_networks: []
+        enable_private_path_for_google_cloud_services: null
         ipv4_enabled: false
+        psc_config: []
+        require_ssl: null
+      maintenance_window: []
+      password_validation_policy: []
+      pricing_plan: PER_USE
+      sql_server_audit_config: []
       tier: db-g1-small
+      time_zone: null
+    timeouts: null
+  module.project.google_project.project[0]:
+    auto_create_network: false
+    billing_account: 123456-123456-123456
+    folder_id: null
+    labels: null
+    name: my-db-project
+    org_id: '1122334455'
+    project_id: my-db-project
+    skip_delete: false
+    timeouts: null
+  module.project.google_project_iam_member.servicenetworking[0]:
+    condition: []
+    project: my-db-project
+    role: roles/servicenetworking.serviceAgent
+  module.project.google_project_service.project_services["servicenetworking.googleapis.com"]:
+    disable_dependent_services: false
+    disable_on_destroy: false
+    project: my-db-project
+    service: servicenetworking.googleapis.com
+    timeouts: null
+  module.project.google_project_service_identity.servicenetworking[0]:
+    project: my-db-project
+    service: servicenetworking.googleapis.com
+    timeouts: null
+  module.vpc.google_compute_global_address.psa_ranges["servicenetworking-googleapis-com-cloud-sql"]:
+    address: 10.60.0.0
+    address_type: INTERNAL
+    description: null
+    ip_version: null
+    name: servicenetworking-googleapis-com-cloud-sql
+    prefix_length: 16
+    project: my-db-project
+    purpose: VPC_PEERING
+    timeouts: null
+  module.vpc.google_compute_network.network[0]:
+    auto_create_subnetworks: false
+    delete_default_routes_on_create: false
+    description: Terraform-managed.
+    enable_ula_internal_ipv6: null
+    name: my-network
+    network_firewall_policy_enforcement_order: AFTER_CLASSIC_FIREWALL
+    project: my-db-project
+    routing_mode: GLOBAL
+    timeouts: null
+  module.vpc.google_compute_network_peering_routes_config.psa_routes["servicenetworking.googleapis.com"]:
+    export_custom_routes: false
+    import_custom_routes: false
+    network: my-network
+    project: my-db-project
+    timeouts: null
+  module.vpc.google_compute_route.gateway["private-googleapis"]:
+    description: Terraform-managed.
+    dest_range: 199.36.153.8/30
+    name: my-network-private-googleapis
+    network: my-network
+    next_hop_gateway: default-internet-gateway
+    next_hop_ilb: null
+    next_hop_instance: null
+    next_hop_vpn_tunnel: null
+    priority: 1000
+    project: my-db-project
+    tags: null
+    timeouts: null
+  module.vpc.google_compute_route.gateway["restricted-googleapis"]:
+    description: Terraform-managed.
+    dest_range: 199.36.153.4/30
+    name: my-network-restricted-googleapis
+    network: my-network
+    next_hop_gateway: default-internet-gateway
+    next_hop_ilb: null
+    next_hop_instance: null
+    next_hop_vpn_tunnel: null
+    priority: 1000
+    project: my-db-project
+    tags: null
+    timeouts: null
+  module.vpc.google_service_networking_connection.psa_connection["servicenetworking.googleapis.com"]:
+    deletion_policy: null
+    reserved_peering_ranges:
+    - servicenetworking-googleapis-com-cloud-sql
+    service: servicenetworking.googleapis.com
+    timeouts: null
 
 counts:
+  google_compute_global_address: 1
+  google_compute_network: 1
+  google_compute_network_peering_routes_config: 1
+  google_compute_route: 2
+  google_project: 1
+  google_project_iam_member: 1
+  google_project_service: 1
+  google_project_service_identity: 1
+  google_service_networking_connection: 1
   google_sql_database_instance: 1
+  modules: 3
+  resources: 11
+
+outputs: {}

tests/modules/net_vpc/examples/psa-multiple-providers.yaml

@@ -0,0 +1,57 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  module.vpc.google_compute_global_address.psa_ranges["servicenetworking-googleapis-com-myrange"]:
+    address: 10.0.1.0
+    address_type: INTERNAL
+    name: servicenetworking-googleapis-com-myrange
+    prefix_length: 24
+    project: project-id
+    purpose: VPC_PEERING
+  module.vpc.google_compute_global_address.psa_ranges["netapp-servicenetworking-goog-netapp"]:
+    address: 10.0.2.0
+    address_type: INTERNAL
+    name: netapp-servicenetworking-goog-netapp
+    prefix_length: 24
+    project: project-id
+    purpose: VPC_PEERING
+  module.vpc.google_compute_network.network[0]:
+    name: my-network
+    project: project-id
+  module.vpc.google_compute_network_peering_routes_config.psa_routes["servicenetworking.googleapis.com"]:
+    export_custom_routes: false
+    import_custom_routes: false
+    project: project-id
+  module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]:
+    ip_cidr_range: 10.0.0.0/24
+    name: production
+    project: project-id
+  module.vpc.google_service_networking_connection.psa_connection["servicenetworking.googleapis.com"]:
+    reserved_peering_ranges:
+      - servicenetworking-googleapis-com-myrange
+    service: servicenetworking.googleapis.com
+  module.vpc.google_service_networking_connection.psa_connection["netapp.servicenetworking.goog"]:
+    reserved_peering_ranges:
+      - netapp-servicenetworking-goog-netapp
+    service: netapp.servicenetworking.goog
+
+counts:
+  google_compute_global_address: 2
+  google_compute_network: 1
+  google_compute_network_peering_routes_config: 2
+  google_compute_subnetwork: 1
+  google_service_networking_connection: 2
+
+outputs: {}

tests/modules/net_vpc/examples/psa-routes.yaml

@@ -13,42 +13,94 @@
 # limitations under the License.
 
 values:
-  module.vpc.google_compute_global_address.psa_ranges["myrange"]:
+  module.vpc.google_compute_global_address.psa_ranges["servicenetworking-googleapis-com-myrange"]:
     address: 10.0.1.0
     address_type: INTERNAL
-    name: myrange
+    description: null
+    ip_version: null
+    name: servicenetworking-googleapis-com-myrange
     prefix_length: 24
     project: project-id
     purpose: VPC_PEERING
+    timeouts: null
   module.vpc.google_compute_network.network[0]:
+    auto_create_subnetworks: false
+    delete_default_routes_on_create: false
+    description: Terraform-managed.
+    enable_ula_internal_ipv6: null
     name: my-network
+    network_firewall_policy_enforcement_order: AFTER_CLASSIC_FIREWALL
     project: project-id
     routing_mode: GLOBAL
-  module.vpc.google_compute_network_peering_routes_config.psa_routes[0]:
+    timeouts: null
+  module.vpc.google_compute_network_peering_routes_config.psa_routes["servicenetworking.googleapis.com"]:
     export_custom_routes: true
     import_custom_routes: true
+    network: my-network
     project: project-id
+    timeouts: null
+  module.vpc.google_compute_route.gateway["private-googleapis"]:
+    description: Terraform-managed.
+    dest_range: 199.36.153.8/30
+    name: my-network-private-googleapis
+    network: my-network
+    next_hop_gateway: default-internet-gateway
+    next_hop_ilb: null
+    next_hop_instance: null
+    next_hop_vpn_tunnel: null
+    priority: 1000
+    project: project-id
+    tags: null
+    timeouts: null
+  module.vpc.google_compute_route.gateway["restricted-googleapis"]:
+    description: Terraform-managed.
+    dest_range: 199.36.153.4/30
+    name: my-network-restricted-googleapis
+    network: my-network
+    next_hop_gateway: default-internet-gateway
+    next_hop_ilb: null
+    next_hop_instance: null
+    next_hop_vpn_tunnel: null
+    priority: 1000
+    project: project-id
+    tags: null
+    timeouts: null
   module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]:
+    description: Terraform-managed.
     ip_cidr_range: 10.0.0.0/24
+    ipv6_access_type: null
+    log_config: []
     name: production
+    network: my-network
     private_ip_google_access: true
     project: project-id
     region: europe-west1
+    role: null
     secondary_ip_range: []
-  module.vpc.google_service_networking_connection.psa_connection[0]:
+    timeouts: null
+  module.vpc.google_service_networking_connection.psa_connection["servicenetworking.googleapis.com"]:
+    deletion_policy: null
     reserved_peering_ranges:
-    - myrange
+    - servicenetworking-googleapis-com-myrange
     service: servicenetworking.googleapis.com
-  module.vpc.google_service_networking_peered_dns_domain.name["gcp.example.com."]:
+    timeouts: null
+  module.vpc.google_service_networking_peered_dns_domain.name["servicenetworking-googleapis-com-gcp-example-com-"]:
     dns_suffix: gcp.example.com.
-    name: gcp-example-com
+    name: servicenetworking-googleapis-com-gcp-example-com-
+    network: my-network
     project: project-id
     service: servicenetworking.googleapis.com
+    timeouts: null
 
 counts:
   google_compute_global_address: 1
   google_compute_network: 1
   google_compute_network_peering_routes_config: 1
+  google_compute_route: 2
   google_compute_subnetwork: 1
   google_service_networking_connection: 1
-  google_service_networking_peered_dns_domain: 1
+  google_service_networking_peered_dns_domain: 1
+  modules: 1
+  resources: 8
+
+outputs: {}

tests/modules/net_vpc/examples/psa.yaml

@@ -13,34 +13,86 @@
 # limitations under the License.
 
 values:
-  module.vpc.google_compute_global_address.psa_ranges["myrange"]:
+  module.vpc.google_compute_global_address.psa_ranges["servicenetworking-googleapis-com-myrange"]:
     address: 10.0.1.0
     address_type: INTERNAL
-    name: myrange
+    description: null
+    ip_version: null
+    name: servicenetworking-googleapis-com-myrange
     prefix_length: 24
     project: project-id
     purpose: VPC_PEERING
+    timeouts: null
   module.vpc.google_compute_network.network[0]:
+    auto_create_subnetworks: false
+    delete_default_routes_on_create: false
+    description: Terraform-managed.
+    enable_ula_internal_ipv6: null
     name: my-network
+    network_firewall_policy_enforcement_order: AFTER_CLASSIC_FIREWALL
     project: project-id
-  module.vpc.google_compute_network_peering_routes_config.psa_routes[0]:
+    routing_mode: GLOBAL
+    timeouts: null
+  module.vpc.google_compute_network_peering_routes_config.psa_routes["servicenetworking.googleapis.com"]:
     export_custom_routes: false
     import_custom_routes: false
+    network: my-network
     project: project-id
+    timeouts: null
+  module.vpc.google_compute_route.gateway["private-googleapis"]:
+    description: Terraform-managed.
+    dest_range: 199.36.153.8/30
+    name: my-network-private-googleapis
+    network: my-network
+    next_hop_gateway: default-internet-gateway
+    next_hop_ilb: null
+    next_hop_instance: null
+    next_hop_vpn_tunnel: null
+    priority: 1000
+    project: project-id
+    tags: null
+    timeouts: null
+  module.vpc.google_compute_route.gateway["restricted-googleapis"]:
+    description: Terraform-managed.
+    dest_range: 199.36.153.4/30
+    name: my-network-restricted-googleapis
+    network: my-network
+    next_hop_gateway: default-internet-gateway
+    next_hop_ilb: null
+    next_hop_instance: null
+    next_hop_vpn_tunnel: null
+    priority: 1000
+    project: project-id
+    tags: null
+    timeouts: null
   module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]:
+    description: Terraform-managed.
     ip_cidr_range: 10.0.0.0/24
+    ipv6_access_type: null
+    log_config: []
     name: production
+    network: my-network
+    private_ip_google_access: true
     project: project-id
-  module.vpc.google_service_networking_connection.psa_connection[0]:
+    region: europe-west1
+    role: null
+    secondary_ip_range: []
+    timeouts: null
+  module.vpc.google_service_networking_connection.psa_connection["servicenetworking.googleapis.com"]:
+    deletion_policy: null
     reserved_peering_ranges:
-    - myrange
+    - servicenetworking-googleapis-com-myrange
     service: servicenetworking.googleapis.com
+    timeouts: null
 
 counts:
   google_compute_global_address: 1
   google_compute_network: 1
   google_compute_network_peering_routes_config: 1
+  google_compute_route: 2
   google_compute_subnetwork: 1
   google_service_networking_connection: 1
+  modules: 1
+  resources: 7
 
-outputs: {}
+outputs: {}

tests/modules/net_vpc/psa_routes_export.tfvars

@@ -1,7 +1,7 @@
-psa_config = {
+psa_configs = [{
   ranges = {
     bar = "172.16.100.0/24"
   }
   export_routes = true
   import_routes = false
-}
+}]

tests/modules/net_vpc/psa_routes_export.yaml

@@ -13,12 +13,12 @@
 # limitations under the License.
 
 values:
-  google_compute_global_address.psa_ranges["bar"]:
+  google_compute_global_address.psa_ranges["servicenetworking-googleapis-com-bar"]:
     address: 172.16.100.0
     address_type: INTERNAL
     description: null
     ip_version: null
-    name: bar
+    name: servicenetworking-googleapis-com-bar
     prefix_length: 24
     project: test-project
     purpose: VPC_PEERING
@@ -30,13 +30,13 @@ values:
     name: test
     project: test-project
     routing_mode: GLOBAL
-  google_compute_network_peering_routes_config.psa_routes[0]:
+  google_compute_network_peering_routes_config.psa_routes["servicenetworking.googleapis.com"]:
     export_custom_routes: true
     import_custom_routes: false
     project: test-project
-  google_service_networking_connection.psa_connection[0]:
+  google_service_networking_connection.psa_connection["servicenetworking.googleapis.com"]:
     reserved_peering_ranges:
-    - bar
+    - servicenetworking-googleapis-com-bar
     service: servicenetworking.googleapis.com
 
 counts:

tests/modules/net_vpc/psa_routes_import.tfvars

@@ -1,7 +1,7 @@
-psa_config = {
+psa_configs = [{
   ranges = {
     bar = "172.16.100.0/24"
   }
   export_routes = false
   import_routes = true
-}
+}]

tests/modules/net_vpc/psa_routes_import.yaml

@@ -13,12 +13,12 @@
 # limitations under the License.
 
 values:
-  google_compute_global_address.psa_ranges["bar"]:
+  google_compute_global_address.psa_ranges["servicenetworking-googleapis-com-bar"]:
     address: 172.16.100.0
     address_type: INTERNAL
     description: null
     ip_version: null
-    name: bar
+    name: servicenetworking-googleapis-com-bar
     prefix_length: 24
     project: test-project
     purpose: VPC_PEERING
@@ -30,13 +30,13 @@ values:
     name: test
     project: test-project
     routing_mode: GLOBAL
-  google_compute_network_peering_routes_config.psa_routes[0]:
+  google_compute_network_peering_routes_config.psa_routes["servicenetworking.googleapis.com"]:
     export_custom_routes: false
     import_custom_routes: true
     project: test-project
-  google_service_networking_connection.psa_connection[0]:
+  google_service_networking_connection.psa_connection["servicenetworking.googleapis.com"]:
     reserved_peering_ranges:
-    - bar
+    - servicenetworking-googleapis-com-bar
     service: servicenetworking.googleapis.com
 
 counts:

tests/modules/net_vpc/psa_routes_import_export.tfvars

@@ -1,7 +1,7 @@
-psa_config = {
+psa_configs = [{
   ranges = {
     bar = "172.16.100.0/24"
   }
   export_routes = true
   import_routes = true
-}
+}]

tests/modules/net_vpc/psa_routes_import_export.yaml

@@ -13,12 +13,12 @@
 # limitations under the License.
 
 values:
-  google_compute_global_address.psa_ranges["bar"]:
+  google_compute_global_address.psa_ranges["servicenetworking-googleapis-com-bar"]:
     address: 172.16.100.0
     address_type: INTERNAL
     description: null
     ip_version: null
-    name: bar
+    name: servicenetworking-googleapis-com-bar
     prefix_length: 24
     project: test-project
     purpose: VPC_PEERING
@@ -30,13 +30,13 @@ values:
     name: test
     project: test-project
     routing_mode: GLOBAL
-  google_compute_network_peering_routes_config.psa_routes[0]:
+  google_compute_network_peering_routes_config.psa_routes["servicenetworking.googleapis.com"]:
     export_custom_routes: true
     import_custom_routes: true
     project: test-project
-  google_service_networking_connection.psa_connection[0]:
+  google_service_networking_connection.psa_connection["servicenetworking.googleapis.com"]:
     reserved_peering_ranges:
-    - bar
+    - servicenetworking-googleapis-com-bar
     service: servicenetworking.googleapis.com
 
 counts: